Re: problem of extracting IP string from header (bug?)

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


MATSUDA Yoh-ichi writes:
> Hello, spamassassiners.
> 
> Nowadays, many people discuss 'uk.geocities.com' redirecting spam.
> I also received the many spams, too.
> 
> By the way, I found a problem of SpamAssassin's extracting IP string
> function.
> 
> My SpamAssassin (3.0.4) failed to detect almost of all 'uk.geo' spam's
> host IP and executing DNSBL procedure.
> 
> For example, below header string, SA failed to execute DNSBLs.
> 
> | Received: from makorsha.biz ([218.64.103.25])by mxg509.nifty.com with SMTP id j7GItZAo029596;
> | 	Wed, 17 Aug 2005 03:55:36 +0900
> 
> But, below header string, SA succeeded to execute DNSBLs.
> 
> | Received: from makorsha.biz ([218.64.103.25]) by mxg509.nifty.com with SMTP id j7GItZAo029596;
> | 	Wed, 17 Aug 2005 03:55:36 +0900
> 
> Yes, it's simply inserting a whitespace between IP str and 'by ...'.
> 
> It seems to be a bug of SA 3.0.4.
> Has the problem been solved in 3.1.0-rc1?
> My LinuxBox is debian sarge, and it's not still released 3.1.0-rc1
> debian package, so I can't test it on rc1.

Hi --

unfortunately the space is required, and appears in the output from the
MTAs that I'm aware of.  It appears that the "nifty.com" mailserver is
producing unusual headers there.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFDAptfMJF5cimLx9ARAvh4AKClHBEvZaP4Swl0VIb2JdIP3WWliQCgo67o
UYe4gv4fc9k9oroSeEAUeRk=
=mmXt
-----END PGP SIGNATURE-----

Re: problem of extracting IP string from header (bug?)

[mouss <us...@free.fr>]

Justin Mason a écrit :

>Hi --
>
>unfortunately the space is required, and appears in the output from the
>MTAs that I'm aware of.  It appears that the "nifty.com" mailserver is
>producing unusual headers there.
>
>  
>
The code may however be modified to account for such things, I think. 
because uncoformant or not, this doesn't seem hard to parse. but I may 
be missing something of course.

Re: problem of extracting IP string from header (bug?)

[Loren Wilton <lw...@earthlink.net>]

> unfortunately the space is required, and appears in the output from the
> MTAs that I'm aware of.  It appears that the "nifty.com" mailserver is
> producing unusual headers there.

Justin, this sounds very similar to the (I believe bz) report a few days ago
where someone suggested spammers may be doing this deliberately in faked
received headers.

        Loren

Re: problem of extracting IP string from header (bug?)

[MATSUDA Yoh-ichi <yo...@flcl.org>]

Hi, all.


From: jm@jmason.org (Justin Mason)
Subject: Re: problem of extracting IP string from header (bug?) 
Date: Tue, 16 Aug 2005 19:05:19 -0700

> > For example, below header string, SA failed to execute DNSBLs.
> > 
> > | Received: from makorsha.biz ([218.64.103.25])by mxg509.nifty.com with SMTP id j7GItZAo029596;
> > | 	Wed, 17 Aug 2005 03:55:36 +0900
> > 
> > But, below header string, SA succeeded to execute DNSBLs.
> > 
> > | Received: from makorsha.biz ([218.64.103.25]) by mxg509.nifty.com with SMTP id j7GItZAo029596;
> > | 	Wed, 17 Aug 2005 03:55:36 +0900
> > 
> > Yes, it's simply inserting a whitespace between IP str and 'by ...'.
> > 
> > It seems to be a bug of SA 3.0.4.
> > Has the problem been solved in 3.1.0-rc1?
> > My LinuxBox is debian sarge, and it's not still released 3.1.0-rc1
> > debian package, so I can't test it on rc1.
> 
> Hi --
> 
> unfortunately the space is required, and appears in the output from the
> MTAs that I'm aware of.  It appears that the "nifty.com" mailserver is
> producing unusual headers there.

Justin-san, thanks your quickly reply.

I understood.

So, I have more questions.

Is it not a bug? Specification?
Does nifty.com's MTA work wrong?
Do I have to insert a whitespace procedure (ex. formail or sed) in
~/.procmailrc ?
--
Nothing but a peace sign.
Yoh-ichi MATSUDA(yoh)
mailto:yoh@flcl.org
http://www.flcl.org/~yoh/diary/ (only Japanese)